GAO: VA Improved Cybersecurity for Million Veteran Program After 2025 Recommendations
The Government Accountability Office found that VA has implemented 9 of 13 cybersecurity recommendations made in September 2025 to protect veterans' health information in the Million Veteran Program system. While VA's business associate agreements with external entities fully comply with HIPAA Privacy Rule requirements, GAO identified deficiencies in asset management, configuration management, and access controls that reduced assurance of data confidentiality. The improvements are significant given that MVP contains sensitive health data for approximately 1 million veterans in the nation's largest veteran biorepository. GAO continues monitoring VA's progress on the remaining four recommendations.